Ngoanhduc

**Name of the Vulnerable Software and Affected Versions** Voyager version 1.3.0 **Description** A directory traversal issue allows attackers to access sensitive system files by manipulating the asset path parameter. This can be exploited via the '/admin/voyager-assets' endpoint by manipulating the `path` parameter to read arbitrary files, such as /etc/passwd and .env configuration files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Umbraco CMS version 8.14.1 **Description** The software contains a server-side request forgery issue that allows attackers to manipulate `baseUrl` parameters. This manipulation can occur in several controller endpoints, including the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints. Successful exploitation enables attackers to initiate unauthorized server-side requests to external hosts. The affected API endpoints are: '/umbraco/api/dashboard/help/page', '/umbraco/api/dashboard/content', and '/umbraco/api/dashboard/css'. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `GetContextHelpForPage()`, `GetRemoteDashboardContent()`, and `GetRemoteDashboardCss()` functions.